SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

I have a couple of questions.

1) I have a flutter app. Is there any reason I can't call the backend REST apis? Ideally I don't want my app to call SuperTokens directly. I want to do something like:
flutter -> python frontend server -> SuperTokens

2) If for whatever reason SuperTokens had to end support for the cloud solution - could there be an easy migration path to spin up a self-hosted solution and seed a self-hosted DB from the SuperToken hosted solution?

1) Yes, the reason is cause supertokens core doesn't expose the APIs that the frontend can call - those APIs are exposed via our backend SDK which integrates with your backend (in this cause the python server you mentioned). This makes it possible for us to handle session related operations and also makes it easy for you to customise auth logic on the backend.

2) Yes. We use postgres for our SaaS. So we can provide you a backup of that which you can restore in your own self hosted instance. The code on the backend and frontend should be unaffected by this (other than the connection URI in the backend)

For answer #1, does that mean I could use flutter but directly call the APIs that are exposed on my flask server via the backend SDK?